A Guide to SOA Governance

Executive Summary

SOA projects normally have to justify themselves through quantifiable results, one at a time, to gain wider internal adoption. SOA Governance could help realize the ROI by defining reliable, quantifiable results for SOA implementations through regular collection of metrics and by mandating changes to improve the implementation. This document describes SOA Governance and the typical stages through which such Governance could be implemented. It briefly discusses the types of Governance and the typical Governing bodies that could be formed to deliver a successful SOA project.

Introduction

SOA or Service Oriented Architecture is:

An approach to implement business processes as a set of predefined services. In a service-oriented approach, a “service” is the smallest building block, which encapsulates the implementation logic and can be executed repeatedly in a given process or across processes.

Typically, a service repository contains the portfolio of services in an organization. The value of SOA is realized through its powerful framework of services built using open standards to promote reuse.

The ROI realized through SOA is a much-debated topic today. Considering the effort it takes to build an SOA in terms of people, training, tools, processes and internal discipline, the benefits of reuse need to be realized early on to gain confidence. Carefully planned governance could be a critical catalyst in realizing ROI for an SOA project.

Governance is:

To define/implement/monitor policies, principles, standards, procedures & processes that enable organizations to direct & conduct business, and enable people in their roles.

Governance is a tool that defines organizational roles and empowers individuals conducting these roles. Various technical tools available in the market today help automate a certain aspect of the governance process; however, as would be expected, Governance does involve considerable human intervention.

IT Governance refers to a subset of the organization’s governance that deals with the management and control of its IT systems, processes, people, IT assets, infrastructure and the way IT processes support a business goal. IT governance forms a significant part of the Enterprise governance – considering the horizontal IT spread in any organization.

SOA Governance is an extension of IT governance, which focuses primarily on the lifecycle of services, metadata and composite applications in a typical SOA initiative.

As a specialization of IT governance, SOA governance suggests how IT governance’s decision rights, policies, procedures and measures need to be modified and augmented for successful SOA adoption.

SOA Life Cycle & Processes

A typical five-stage SOA lifecycle is as shown below:

Identify phase involves gathering business requirements & objectives, identifying the independent business processes in design, which will be translated to achieve the business goal – mapping the requirement to the design and breaking the design down into business processes.

Create phase concerns the creation of the identified business processes or realigning them (through addition/modification/integration) to the business goal.

Test phase addresses the conformance to requirements. Each developed process / service gets evaluated against pre-defined criteria for conformance.

Manage & Improve phase involves the actual deployment and maintenance of the operational system. This includes performance monitoring, service response time, problem log & fix, among others to get the service operational. This would also involve tuning the services to achieve an updated business design.

SOA Governance

As SOA crosses lines of business and IT, there is a greater need for effective SOA governance to ensure success in terms of ROI. In the initial SOA wave, governance was thought to be a ‘nice-to-have’ discipline, but with growing maturity and complexity, SOA projects mandate a well-defined SOA governance body.

Quality of project execution & ROI is a mirror reflection of any governance, and so it is for SOA.

SOA projects typically require higher governance owing to hidden dependencies & less available standardization. We believe that SOA Governance must be diligently implemented and treated as a full-fledged project, rather than as an overhead.

Hence, we recommend that SOA governance principles be applied in a similar fashion to the five-stage lifecycle described in the ‘SOA Life Cycle & Processes’ section above:

1) Identify

Document the SOA benefits & prepare a business case to get an internal buy-in.

Assess current IT systems to measure the reusability and feasibility for SOA adoption.

Evaluate your enterprise goal with SOA adoption to align it for current & future needs.

Run time SOA governance relates to contract management, service administration, service monitoring, and service mediation.

In practice, design and run time governance overlap in several places. Following are the specific areas to be addressed during governance:

Design Time SOA Governance:

Service registration

Service versioning

Service ownership

Service funding

Service monitoring

Service auditing

Service diagnostics

Service modeling

Service identification

Service publishing

Service discovery

Service development

Service consumption

Service provisioning

Service access

Service binding to form a composite application

Runtime SOA governance:

Service maturity

Capacity planning

Performance & problem logs

Education & training

Organizational changes

Service policy enforcement

THBS recommendations

We recommend the following teams to form a governing body for a typical SOA initiative across design time and run time:

1) SOA Centre of Excellence (COE)

The SOA COE will be responsible for aligning the different teams involved with the enterprise SOA goal. The COE will research and recommend industry best practices, procedures & policies. The COE will also play an important role in identifying, understanding & deciding on an SOA solution, product or technology for an SOA project. It will create and gain agreement on a framework for estimating SOA benefits and for tracking achievements, manage the community of interest and act as an SOA mentor for the organization.

2) SOA Infrastructure Team

The SOA infrastructure team will be responsible for ensuring the availability of the required infrastructure for development, testing & production environments. The infrastructure team will also participate in post-implementation activities for monitoring and improvements.

3) Service Portfolio Management Team

SPM will assist the COE in service categorization and management. SPM will align services as per their priority, line of business & service behavior. The SPM team will also identify the policy enforcement for each service or group of services.

4) Service Life Cycle Management Team

The SLCM team will define the procedure and compliance requirements for a service life cycle. SLCM will suggest the contract & quality management rules for each service. The SLCM team will assist the COE with the required procedure for a service retirement and a new service version release.

5) SOA IT-Executive Team

The SOA IT-Executive team should be a mixture of IT & business executives. This team will be responsible for ensuring that the technical implementation and artifacts conform to the business requirements through rigorous quality assurance and validation. The SOA IT-Executive team will ensure that business interacts closely with the development & testing teams and will apprise the SOA Funding Team of project progress and status.

6) SOA Funding Team

The SOA funding team will keep an eye on ROI and frequently examine the project progress. This team will examine and recommend the project status and suggest the financial gains or losses. The SOA funding team will plan the funding proposals, i.e. when and where central funding is required compared to separate department funding for their exclusive services.

7) SOA Service Factory

SOA service factory refers to the service development & testing team, including onshore and offshore resources. This team will be responsible for understanding the business requirements and provisioning the required services. The SOA Service Factory team will closely interact with other teams to understand the business needs & provide end-to-end application (services) management.

SOA governance does not consist of a set of rigid bureaucratic policies and procedures. It involves regular collection of metrics and mandating changes to improve the implementation. Policies would change as per business and enterprise needs. Consistent waivers are regularly identified and examined.

An example RACI matrix is as below (which of course would differ from enterprise to enterprise):

SOA Service Life Cycle Management

SOA service life cycle management is an integral part of any SOA governance.

SOA service life cycle management addresses the processes, procedures, patterns, tools, best practices, configuration management & repositories involved. The diagram below provides an overview of the repositories in a typical SOA project:

Service Life Cycle Management consists of an array of topics that would need to be dealt with individually and is outside the scope of this document.